Hi,
we've encountered a kind of strange issue and solved it by a workaround, but not sure, if the issue is caused by a bug or the request string.
We've had to delete certain entries from an index, according to the documentation the query has to look like this:
curl -XPOST "http://kibana.company.com:9200/_delete_by_query" -H 'Content-Type: application/json' -d'
{
"query": {
"bool": {
"must": [
{
"match": {
"_index": {
"query": “xxx-6.5.4-error-*"
}
}
},
{
"match": {
"context.service.name": {
"query": “xxx-production"
}
}
},
{
"range": {
"@timestamp": {
"lt": "2019-04-05",
"gte": "2019-04-04",
"format": "yyyy-MM-dd||yyyy-MM-dd||yyyy||yyyy-MM"
}
}
}
]
}
}
}
'
But this call throws an error:
{"error":"Incorrect HTTP method for uri [/_delete_by_query] and method [POST], allowed: [HEAD, PUT, GET, DELETE]","status":405}
But the corresponding search query is fine:
curl -XGET "http://kibana.company.com:9200/_search" -H 'Content-Type: application/json' -d'
{
"query": {
"bool": {
"must": [
{
"match": {
"_index": {
"query": “xxx-6.5.4-error-*"
}
}
},
{
"match": {
"context.service.name": {
"query": “xxx-production"
}
}
},
{
"range": {
"@timestamp": {
"lt": "2019-12-31",
"gte": "2019-01-01",
"format": "yyyy-MM-dd||yyyy-MM-dd||yyyy||yyyy-MM"
}
}
}
]
}
}
}
'
and delivered as expected 2800 entries.
we've only been able to get the delete done, by adding the index into the the URI
curl -XPOST ’http://kibana.company.com:9200/xxx-6.5.4-error-date/_delete_by_query
and to execute it per day.
We are currently running elastic 6.3. But I'm assuming this is not related to the version.
Any idea?
Best regards